https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Security


Microsoft, Lenovo Collaborate to Squash Superfish Security Bug

  • Written by DH Kass 1
  • March 18, 2015
Microsoft collaborated with Lenovo and Superfish to eradicate malware associated with the developer’s ad-injection software the PC maker pre-loaded onto thousand of its machines late in 2014.

Microsoft (MSFT) said that it collaborated with Lenovo and Superfish to eradicate malware associated with the developer’s ad-injection software the PC maker pre-loaded onto thousand of its machines late in 2014, rendering them vulnerable to malicious man-in-the-middle attacks.

Superfish isn’t your garden-variety bloatware. It installs a self-signed root HTTPS certificate so when a user visits an HTTPS site, the site certificate is signed and controlled by Superfish, representing itself falsely as the official website certificate.

Microsoft’s security team said in a blog post that it used its new Superfish search-and-destroy tool from its Malicious Software Removal platform that reduced the number of Lenovo PCs infected with the malware over a two-week period ending March 4 from a high of 60,000 daily to 3,000 a day and subsequently to about 1,000 each day.

Based on a graph Microsoft provided showing the number of Superfish infections eradicated from Feb. 20 – March 4, roughly speaking, it appears the vendor removed the malware from about 250,000 Lenovo systems.

“Microsoft worked with Lenovo and Superfish to add detection with a root trust repair solution for Superfish to our real time protection products on February 19,” the company said in a blog post. “At the same time, we shared detection guidance through our MAPP and VIA partner programs to drive an industry cleanup. Our cleanup targets Lenovo machines as this is the only place the vulnerable version of Superfish is encountered.”

While it’s not clear if Microsoft’s adware removal tools or Lenovo’s or another vendor’s mostly was responsible for removing the Superfish invasion, at the very least a collaborative assault appears to have done the trick.

Just in case you forgot the details of Lenovo’s Superfish debacle, after years of seemingly doing everything right, Lenovo pre-installed the Superfish adware on some of its consumer laptops from last September to December, opening an uber-invasive superhighway for attackers to steal users’ encrypted Web data or stored online passwords.

At first the company astonishingly claimed it didn’t know that the Superfish adware is constructed to hijack encrypted Web sessions, insisting that installed the Superfish software to enhance the online shopping experience for users.

But when overwhelmed by an onslaught of heavy criticism from security experts, Lenovo acknowledged it hadn’t done its due diligence prior to pre-installing Superfish, and eventually followed up with a removal tool for users to gut the Superfish from their systems.

What followed was a series of mea culpas, apologies and concerted efforts by the company to right the wrong and regain the trust of its customers.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Security

Related


  • ThinkPad X1 Titanium Yoga
    Lenovo to Ship Its Thinnest ThinkPad Yet with X1 Titanium Yoga
    Lenovo's expanded commercial line includes revamped ThinkBooks and AR glasses.
  • Ransomware and malware
    Help Your Customers Mitigate Malware: Viruses, Worms, and Trojans…Oh My!
    With the right antivirus protection, your customers can better detect and prevent the spread of malware.
  • Samsung Galaxy S21
    Samsung Boosts Smartphone Security with New Galaxy S21 Line
    In addition, John Curtis will replace Mike Coleman as Samsung’s North America channel chief.
  • Network monitoring and management
    Malwarebytes Enhances OneView to Help MSPs' Security Business
    Security is an increasing concern for MSPs, particularly amid COVID-19.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Security Tips for Protecting your Backup Servers
  • Huntress Acquires Level Effect EDR to Beef Up Platform
  • The Benefits of Co-Managed IT for Enterprises in the New Normal
  • Lockdown Lessons: Securing Your Business First

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Judge sides with @AWScloud against #Parler; @SADAsystems gets AI-centric board member; @EnsonoIT, @navisite get… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

2021 may be the year of the #security-centric #MSP @BarracudaMSP #remoteworking #ITsecurity #dataprotection #RMM… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Adding #AIOps and #AI-driven WANs will help IT administrators move forward, says @MistSystems.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Microsoft taps @tybryson as corporate VP @msuspartner group @julwhite heading to SAP, @anderson to @Qualtrics.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

#MSPs can inject predictability into #threathunting @Sophos #cybersecurity #ransomware dlvr.it/Rr4ffV https://t.co/Bztc2Yxwvc

January 22, 2021
ChannelFutures

.@RiskBased report shows decrease in #databreaches, jump in exposed records in 2020. dlvr.it/Rr4fcW https://t.co/PYiDMiJFbt

January 22, 2021
ChannelFutures

Legal experts say @VMware's #lawsuit against @nutanix's new CEO holds little weight. dlvr.it/Rr48FJ https://t.co/oLxPhgvgAt

January 21, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X